MS Graph - team create API returns 403 Forbidden error without proper error message

Wolken Software Ltd 0 Reputation points
2023-07-28T19:24:34.6533333+00:00

I have a single-tenant Azure app and I have all the required permissions for creating an MS team via the app. The API was working fine with the multi-tenant app earlier, but the same code is not working for the single-tenant app registered user. Please let me know if I am missing anything here. I am using the organization tenant URI in my authn and authz calls for the single tenant.

Error Response: [image]

API Permissions: [image]

Decoded user's token: [image]


2 answers

  1. Sayali-MSFT 2,266 Reputation points Microsoft Vendor
    2023-07-31T13:03:29.7566667+00:00

    @Wolken Software Ltd - When issuing a request with application permissions, a user must be specified in the members collection.

    POST https://graph.microsoft.com/v1.0/teams
    Content-Type: application/json
    
    {
       "template@odata.bind":"https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
       "displayName":"My Sample Team",
       "description":"My Sample Team’s Description",
       "members":[
          {
             "@odata.type":"#microsoft.graph.aadUserConversationMember",
             "roles":[
                "owner"
             ],
             "user@odata.bind":"https://graph.microsoft.com/v1.0/users('0040b377-61d8-43db-94f5-81374122dc7e')"
          }
       ]
    }
    

    If you are using the unattended client credentials flow to obtain an access token, then you must specify the user in the member collection.


  2. CarlZhao-MSFT 40,311 Reputation points
    2023-08-01T03:13:35.17+00:00

    Hi @Wolken Software Ltd

    Make sure the target user has an O365 license, which is required to create a team.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
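
A pre-flight check for the condition the first answer describes, as an added example (not code from the thread or from Microsoft): it decodes the access token's claims, decides whether the token is app-only (client credentials), and flags a create-team body that has no owner in `members`. The tenant id and token are constructed samples, the function names are hypothetical, and the default permission name `Team.Create` is an assumption taken from the Graph permissions reference, not from this thread.

```python
import base64
import json

SAMPLE_TENANT = "11111111-1111-1111-1111-111111111111"  # constructed tenant id
SAMPLE_BODY = {  # request body from the answer above, trimmed to the fields checked
    "displayName": "My Sample Team",
    "members": [{
        "@odata.type": "#microsoft.graph.aadUserConversationMember",
        "roles": ["owner"],
        "user@odata.bind": "https://graph.microsoft.com/v1.0/users('0040b377-61d8-43db-94f5-81374122dc7e')",
    }],
}

def decode_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def is_app_only(claims):
    # Client-credentials tokens list app roles in "roles" and carry no "scp" claim.
    return "scp" not in claims and bool(claims.get("roles"))

def preflight(claims, body, tenant_id, permission="Team.Create"):
    """Return reasons the create-team call is likely to be rejected (empty = none found).
    The default permission name is an assumption taken from the Graph permissions reference."""
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append("token issued by a different tenant")
    granted = claims.get("roles", []) if is_app_only(claims) else claims.get("scp", "").split()
    if permission not in granted:
        problems.append(permission + " missing from token")
    if is_app_only(claims):
        owners = [m for m in body.get("members", [])
                  if "owner" in m.get("roles", []) and m.get("user@odata.bind")]
        if not owners:
            problems.append("app-only token but no owner in members")
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return enc({"alg": "none"}) + "." + enc(claims) + "."

if __name__ == "__main__":
    token = make_sample_token({"tid": SAMPLE_TENANT, "roles": ["Team.Create"]})
    print(preflight(decode_claims(token), {"displayName": "No owner"}, SAMPLE_TENANT))
    print(preflight(decode_claims(token), SAMPLE_BODY, SAMPLE_TENANT))
```

The check cannot see licensing, so the O365 license requirement from the second answer still has to be confirmed on the target user separately.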